Yubico used to publish a Windows Store application YubiKey for Windows Hello that allowed local non-domain joined accounts to login to Windows simply by inserting the YubiKey. However, that application has since been retired and there is no current method to perform a password login for a local account. The current tool Yubico Login for Windows allows the user to use the YubiKey as a 2nd factor but still requires a password to be typed in. It is more secure for sure, but security is always at odds with convenience and some users may feel that a passwordless YubiKey login is sufficient for their threat model, especially if they make sure to carry around the YubiKey at all times.
I have managed to repackage the YubiKey for Windows Hello Windows Store application from my previous machine and am thus sharing it with all. However, one caveat is that I had to re-sign the package with a self signed cert since I do not have Yubico's original cert. The steps to install my packaged version are as follows:
- Download the appx package and the cert
- Double click the cert and install it into the Local Machine's Trusted Root Certification Authorities store. You will need to manually specify the correct store.
- Go to Settings -> Use Developer Features and allow install apps from any source
- Double click the appx package to install it
- Go to Settings -> Set up PIN sign in and set a PIN
- Start YubiKey for Windows Hello and go through the steps to set up passwordless login
Note to Yubico
YubiKey for Windows Hello is a abandonware and cannot be obtained from any official website anymore. Please reach out if you have issues with me hosting a copy of it.